Re: [Xen-devel] [PATCH] x86/hvm: Disallow unknown MSR_EFER bits
On Mon, Jul 23, 2018 at 02:49:50PM +0100, Andrew Cooper wrote:
> It turns out that nothing ever prevented HVM guests from trying to set unknown
> EFER bits. Generally, this results in a vmentry failure.
>
> For Intel hardware, all implemented bits are covered by the checks.
>
> For AMD hardware, the only EFER bit which isn't covered by the checks is TCE
> (which AFAICT is specific to AMD Fam15/16 hardware). We never advertise TCE
> in CPUID, but it isn't a security problem to have TCE unexpectedly enabled in
> guest context.
>
> Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents
> any vmentry failures for guests, yielding #GP instead.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
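A sketch of the mask check the commit message describes, added here as an illustration and not taken from the patch or from Xen's source. The bit positions are the architectural EFER layout; `DEMO_EFER_KNOWN_MASK`, its contents (TCE left out) and the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural EFER bit positions (Intel SDM / AMD APM). */
#define EFER_SCE    (1ULL << 0)   /* SYSCALL/SYSRET enable */
#define EFER_LME    (1ULL << 8)   /* long mode enable */
#define EFER_LMA    (1ULL << 10)  /* long mode active */
#define EFER_NXE    (1ULL << 11)  /* no-execute enable */
#define EFER_SVME   (1ULL << 12)  /* AMD: SVM enable */
#define EFER_LMSLE  (1ULL << 13)  /* AMD: long mode segment limit enable */
#define EFER_FFXSR  (1ULL << 14)  /* AMD: fast FXSAVE/FXRSTOR */
#define EFER_TCE    (1ULL << 15)  /* AMD: translation cache extension */

/* Assumption: stand-in for EFER_KNOWN_MASK. TCE is left out because the
 * message says it is never advertised to guests in CPUID. */
#define DEMO_EFER_KNOWN_MASK (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | \
                              EFER_SVME | EFER_LMSLE | EFER_FFXSR)

/* Bits of a guest-written value that fall outside the mask (0 = none). */
uint64_t efer_unknown_bits(uint64_t value)
{
    return value & ~DEMO_EFER_KNOWN_MASK;
}

/* Hypothetical WRMSR(EFER) intercept: 0 = accept, -1 = inject #GP.
 * Rejecting here keeps the bad value out of the guest state, so the
 * failure surfaces as a guest-visible fault and not at vmentry. */
int demo_guest_wrmsr_efer(uint64_t *guest_efer, uint64_t value)
{
    if (efer_unknown_bits(value))
        return -1;           /* guest EFER left untouched */
    *guest_efer = value;     /* per-feature checks would follow here */
    return 0;
}

int main(void)
{
    uint64_t efer = 0;
    /* Constructed sample writes: one valid, one with reserved bit 1 set. */
    printf("valid write  -> %d\n",
           demo_guest_wrmsr_efer(&efer, EFER_SCE | EFER_NXE));
    printf("reserved bit -> %d\n",
           demo_guest_wrmsr_efer(&efer, EFER_SCE | (1ULL << 1)));
    return 0;
}
```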